Mobile IPv6 and Firewalls: Problem Statement
RFC 4487

Document type: RFC - Informational (May 2006; No errata)
Document stream: IETF
Last updated: 2013-03-02

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 4487 (Informational)
Responsible AD: Margaret Wasserman
Send notices to: basavaraj.patil@nokia.com, gdommety@cisco.com

Network Working Group                                              F. Le
Request for Comments: 4487                                           CMU
Category: Informational                                        S. Faccin
                                                                B. Patil
                                                                   Nokia
                                                           H. Tschofenig
                                                                 Siemens
                                                                May 2006

              Mobile IPv6 and Firewalls: Problem Statement

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document captures the issues that may arise in the deployment of
   IPv6 networks when they support Mobile IPv6 and firewalls.  The
   issues are not only applicable to firewalls protecting enterprise
   networks, but are also applicable in 3G mobile networks such as
   General Packet Radio Service / Universal Mobile Telecommunications
   System (GPRS/UMTS) and CDMA2000 networks.

   The goal of this document is to highlight the issues with firewalls
   and Mobile IPv6 and act as an enabler for further discussion.  Issues
   identified here can be solved by developing appropriate solutions.

Le, et al.                   Informational                      [Page 1]
RFC 4487                  MIPv6 and Firewalls                   May 2006

Table of Contents

   1. Introduction ....................................................3
   2. Terminology .....................................................4
   3. Abbreviations ...................................................4
   4. Overview of Firewalls ...........................................4
   5. Analysis of Various Scenarios Involving MIP6 Nodes and
      Firewalls .......................................................6
      5.1. Scenario Where the Mobile Node Is in a Network
           Protected by Firewall(s) ...................................7
      5.2. Scenario Where the Correspondent Node Is in a
           Network Protected by Firewall(s) ...........................9
      5.3. Scenario Where the HA Is in a Network Protected by
           Firewall(s) ...............................................12
      5.4. Scenario Where the MN Moves to a Network Protected by
           Firewall(s) ...............................................12
   6. Conclusions ....................................................13
   7. Security Considerations ........................................14
   8. Acknowledgements ...............................................14
   9. References .....................................................14
      9.1. Normative References ......................................14
      9.2. Informative References ....................................14
   Appendix A. Applicability to 3G Networks ..........................15

1.  Introduction

   Network elements such as firewalls are an integral aspect of a
   majority of IP networks today, given the state of security in the
   Internet, threats, and vulnerabilities to data networks.  Current IP
   networks are predominantly based on IPv4 technology, and hence
   firewalls have been designed for these networks.  Deployment of IPv6
   networks is currently progressing, albeit at a slower pace.
   Firewalls for IPv6 networks are still maturing and in development.

   Mobility support for IPv6 has been standardized as specified in RFC
   3775.  Given the fact that Mobile IPv6 is a recent standard, most
   firewalls available for IPv6 networks do not support Mobile IPv6.

   Unless firewalls are aware of Mobile IPv6 protocol details, these
   security devices will interfere with the smooth operation of the
   protocol and can be a detriment to deployment.

   Mobile IPv6 enables IP mobility for IPv6 nodes.  It allows a mobile
   IPv6 node to be reachable via its home IPv6 address irrespective of
   any link that the mobile attaches to.  This is possible as a result
   of the extensions to IPv6 defined in the Mobile IPv6 specification
   [1].

   Mobile IPv6 protocol design also incorporates a feature termed Route
   Optimization.  This set of extensions is a fundamental part of the
   protocol that enables optimized routing of packets between a mobile
   node and its correspondent node and therefore optimized performance
